Remote Forensic Software




- Special Telecommunication Systems for Law Enforcement Agencies (LEA)

- Development of special solutions for the needs of lawful interception (LI)

- Located in the middle of Germany

- DigiTask has many years of experience with LI systems

- DigiTask is market leader for LI in Germany

- DigiTask is privately owned and independent




- Complete LI systems 

• Database supported analysis for 

- telephony 

- real time IP decoding and live visualization 

• Integrating multimedia player 

• Supporting ETSI standards 

• Mediation Devices 

• 24/7 support 

• Onsite training 

- WiFi-Catcher 

- Remote Forensic Software 
Content



1. What intelligence may be lost with today's LI systems? 

2. What is Remote Forensic Software? 

3. What is provided by the DigiTask solution? 



1. What intelligence is lost?

1. What intelligence may be lost with today's LI systems? 

Information that 

• can be gathered but not decoded 

• might be decoded but cannot be gathered 

• is not available even after seizure of equipment 




Instant Messaging Clients 

• encrypted by default: 

- Wikipedia overview of IM lists 55 clients, 34 with out-of-the-box encryption



- Skype 



[Screenshot: Skype client window with a test conversation]
Source: Wikipedia




- External tools for encryption: 

• e.g. SimpLite/SimpPro targets 

- Windows Live Messenger 

- ICQ/ AIM 

- Yahoo 



- WWW: sensitive data uses HTTPS 



[Screenshots: browser address bars showing HTTPS login pages (HSBCnet, Amazon, eBay, Hilton, Google Accounts, ICQ)]



• Online banking 

• E commerce 

• Booking systems 

• Webmail 

• Chat 



Observable data

• Remote IP

• Time and amount of traffic








- E-Mail

• POP/SMTP use with TLS/SSL

- Local encryption
PGP, GnuPG


[Screenshot: mail client account settings dialog showing the secure connection (TLS/SSL) options]




- VPN connections 

• between endpoints 

• commercial anonymising VPN 

e.g. 

- Relakks 

(Sweden, € 5/month) 

- Swissvpn 

(Switzerland, US$ 5/month) 

- Tor/JAP 

• encrypted traffic 

• changing endpoints 

- Nomadic targets 

• travellers 

• suspects seeking open WLANs 



- Tapping internet connections of targets useless 



- Disk encryption software 

• Seizure of equipment useless if password is unknown

- Availability 

• Most of this software is 

- easily available 
» computer magazines 
» internet 

- free of cost 

- easy to use 

- Answer to question: 

• Everything may be lost 

• With a few hours' effort, today's LI systems can be turned blind and deaf.
2. What is Remote Forensic Software?

- Stealth software installed on computer of target to 

• overcome encryption 

• handle nomadic targets 

• monitor activity 




for 

• criminal investigations 

• intelligence gathering 



- How can it be installed? 

• Direct access 

• Injection proxy 

• Social engineering 

• Modified software products 

• Zero day exploits 
3. What is provided by the DigiTask solution?



3.1. Additional intelligence 

- Audio data, e.g. from messengers 

- Screenshots 

- Keylogs 

- File search 

- Registry settings 

- Remote shell 

- ... (more in track 5) 

- Target platforms: 

• 32 bit Windows (2000, XP, Vista) 

• Mac OS X 

• Linux, Windows Mobile, Smartphones







- SSL decryption 

• Keys intercepted in application 

• Keys and encrypted traffic tapped 

• Decoding possible 

• Requires DigiTask LI system 




3.2. Data Analysis 



- Standalone system 

• Immediately deployable 

• Backward channel to target 



- Optional seamless integration in DigiTask LI system 

• No new user interface for operators 

• Correlation of RFS data with conventional LI 

• Interactions with target become impossible 

- Core area of private life 




3.3. Security 



- Protection of data stream 

• Data is AES encrypted 

• Proxies between target and recording server 

• Connection cannot be traced 



- Authenticity of data 

• File transfers are signed 

• Safeguards against manipulations 

• Important for criminal investigation 

3.4. Customization 

- Software may be built according to court order 

- "Forbidden" features 

• removed from software 

• cannot be activated 

- After installation: 

• online update possible 

- Source code of customization 

• archived 

• verifiable by expert witness 



Conclusion 




- Encryption for every kind of communication easily available

- Circumvention by means of Remote Forensic Software

- Standalone operation

- Integration in LI system

- Authenticity of data for criminal investigations